- 10 Sep, 2013 1 commit
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120912 Reviewed by Geoffrey Garen. Source/JavaScriptCore: Add support for ES6 WeakMap. Add the cluster of boilerplate classes around the core WeakMapData class. WeakMapData is a simple object->value hash table that uses a combo of WeakReferenceHarvester to conditionally keep the weak value reference live, and UnconditionalFinalizer to clean the dead keys from the table post-GC. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * runtime/CommonIdentifiers.h: * runtime/JSGlobalObject.cpp: * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::weakMapDataStructure): * runtime/JSWeakMap.cpp: Added. (JSC::JSWeakMap::finishCreation): (JSC::JSWeakMap::visitChildren): * runtime/JSWeakMap.h: Added. (JSC::JSWeakMap::createStructure): (JSC::JSWeakMap::create): (JSC::JSWeakMap::weakMapData): (JSC::JSWeakMap::JSWeakMap): * runtime/WeakMapConstructor.cpp: Added. (JSC::WeakMapConstructor::finishCreation): (JSC::constructWeakMap): (JSC::WeakMapConstructor::getConstructData): (JSC::WeakMapConstructor::getCallData): * runtime/WeakMapConstructor.h: Added. (JSC::WeakMapConstructor::create): (JSC::WeakMapConstructor::createStructure): (JSC::WeakMapConstructor::WeakMapConstructor): * runtime/WeakMapData.cpp: Added. (JSC::WeakMapData::WeakMapData): (JSC::WeakMapData::finishCreation): (JSC::WeakMapData::destroy): (JSC::WeakMapData::visitChildren): (JSC::WeakMapData::set): (JSC::WeakMapData::get): (JSC::WeakMapData::remove): (JSC::WeakMapData::contains): (JSC::WeakMapData::clear): (JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences): (JSC::WeakMapData::DeadKeyCleaner::finalizeUnconditionally): * runtime/WeakMapData.h: Added. (JSC::WeakMapData::create): (JSC::WeakMapData::createStructure): (JSC::WeakMapData::DeadKeyCleaner::DeadKeyCleaner): * runtime/WeakMapPrototype.cpp: Added. 
(JSC::WeakMapPrototype::finishCreation): (JSC::getWeakMapData): (JSC::protoFuncWeakMapClear): (JSC::protoFuncWeakMapDelete): (JSC::protoFuncWeakMapGet): (JSC::protoFuncWeakMapHas): (JSC::protoFuncWeakMapSet): * runtime/WeakMapPrototype.h: Added. (JSC::WeakMapPrototype::create): (JSC::WeakMapPrototype::createStructure): (JSC::WeakMapPrototype::WeakMapPrototype): LayoutTests: Basic tests. * js/basic-weakmap-expected.txt: Added. * js/basic-weakmap.html: Added. * js/script-tests/basic-weakmap.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 09 Sep, 2013 3 commits
-
akling@apple.com authored
<https://webkit.org/b/121070> Rubber-stamped by Anders Carlsson. RefPtr<Foo> protect(this) => Ref<Foo> protect(*this). git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155414 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mhahnenberg@apple.com authored
JSArray::shiftCountWithArrayStorage doesn't change indexBias when shifting the last element in m_vector https://bugs.webkit.org/show_bug.cgi?id=120389 Reviewed by Michael Saboff. Went through and cleaned up shiftCountWithArrayStorage. Gave meaningful variable names and commented the confusing parts. This led to realizing how to fix this bug, which has been done. The issue was that we were modifying the vector length unconditionally, even when we weren't logically changing the length of the vector. Instead, we should only modify the vector length when we modify the index bias. * runtime/JSArray.cpp: (JSC::JSArray::shiftCountWithArrayStorage): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155395 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
andersca@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=121006 Reviewed by Darin Adler. Source/JavaScriptCore: Convert uses of WTF type traits to STL type traits. * heap/PassWeak.h: * runtime/JSCell.h: (JSC::jsCast): (JSC::jsDynamicCast): * runtime/WriteBarrier.h: (JSC::validateCell): Source/WebKit2: Convert uses of WTF type traits to STL type traits. * Platform/CoreIPC/ArgumentCoder.h: * Platform/CoreIPC/ArgumentCoders.h: * Platform/CoreIPC/ArgumentDecoder.h: * Platform/CoreIPC/ArgumentEncoder.h: * Platform/CoreIPC/Arguments.h: * Shared/API/c/WKSharedAPICast.h: (WebKit::toImpl): Source/WTF: C++11 has its own type traits implementation that is more complete and handles corner cases better since it ties into the compiler. Begin switching uses of WTF type traits to STL type traits. * wtf/CheckedArithmetic.h: * wtf/HashTraits.h: * wtf/NeverDestroyed.h: * wtf/OwnPtr.h: * wtf/PassOwnPtr.h: (WTF::adoptPtr): * wtf/RetainPtr.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155357 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 08 Sep, 2013 1 commit
-
andersca@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120990 Reviewed by Sam Weinig. Source/WebCore: * html/HTMLImageElement.cpp: * loader/archive/mhtml/MHTMLParser.cpp: * platform/graphics/cairo/GraphicsContext3DCairo.cpp: * platform/graphics/win/GraphicsContext3DWin.cpp: * platform/network/soup/SocketStreamHandleSoup.cpp: Source/WebKit/blackberry: * Api/BackingStore.cpp: Source/WebKit2: * Shared/EditorState.h: Source/WTF: * GNUmakefile.list.am: * WTF.pro: * WTF.vcxproj/WTF.vcxproj: * WTF.vcxproj/WTF.vcxproj.filters: * WTF.xcodeproj/project.pbxproj: * wtf/CMakeLists.txt: * wtf/NotFound.h: Removed. * wtf/Vector.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155308 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 07 Sep, 2013 1 commit
-
andersca@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120964 Reviewed by Andreas Kling. Source/JavaScriptCore: Use OwnArrayPtr instead of PassOwnArrayPtr. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): * runtime/SymbolTable.h: (JSC::SharedSymbolTable::setSlowArguments): Source/WebCore: Use OwnArrayPtr instead of PassOwnArrayPtr. * html/canvas/WebGLRenderingContext.cpp: * platform/Length.cpp: (WebCore::newCoordsArray): (WebCore::newLengthArray): * platform/Length.h: * platform/audio/FFTFrame.h: * platform/graphics/GraphicsContext3D.cpp: * platform/graphics/GraphicsContext3D.h: * platform/graphics/texmap/TextureMapperGL.cpp: * platform/graphics/wince/SharedBitmap.cpp: Source/WebKit2: Remove unneeded includes. * Shared/ImmutableArray.h: * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Make OwnArrayPtr a proper move-only type and get rid of PassOwnArrayPtr. Ultimately I'd like to get rid of OwnArrayPtr as well and just have it be a specialization of OwnPtr<T[]>, but this is a step in the right direction. * GNUmakefile.list.am: * WTF.pro: * WTF.vcxproj/WTF.vcxproj: * WTF.vcxproj/WTF.vcxproj.filters: * WTF.xcodeproj/project.pbxproj: * wtf/Assertions.cpp: * wtf/CMakeLists.txt: * wtf/DateMath.h: * wtf/FastBitVector.h: * wtf/Forward.h: * wtf/OwnArrayPtr.h: * wtf/PassOwnArrayPtr.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155262 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 06 Sep, 2013 1 commit
-
andersca@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120898 Reviewed by Oliver Hunt. Source/JavaScriptCore: Change all the hash table members in ExecState to be OwnPtrs and use adoptPtr instead. Also, since none of the hash tables can be null, change their getters to return references and propagate the reference types wherever we know that a HashTable can't be null. * interpreter/CallFrame.h: (JSC::ExecState::arrayConstructorTable): (JSC::ExecState::arrayPrototypeTable): (JSC::ExecState::booleanPrototypeTable): (JSC::ExecState::dataViewTable): (JSC::ExecState::dateTable): (JSC::ExecState::dateConstructorTable): (JSC::ExecState::errorPrototypeTable): (JSC::ExecState::globalObjectTable): (JSC::ExecState::jsonTable): (JSC::ExecState::numberConstructorTable): (JSC::ExecState::numberPrototypeTable): (JSC::ExecState::objectConstructorTable): (JSC::ExecState::privateNamePrototypeTable): (JSC::ExecState::regExpTable): (JSC::ExecState::regExpConstructorTable): (JSC::ExecState::regExpPrototypeTable): (JSC::ExecState::stringConstructorTable): (JSC::ExecState::promisePrototypeTable): (JSC::ExecState::promiseConstructorTable): (JSC::ExecState::promiseResolverPrototypeTable): * runtime/ClassInfo.h: (JSC::ClassInfo::propHashTable): * runtime/Lookup.h: (JSC::getStaticPropertySlot): (JSC::getStaticFunctionSlot): (JSC::getStaticValueSlot): (JSC::lookupPut): * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Update for changes to JavaScriptCore. 
* bindings/js/DOMObjectHashTableMap.h: (WebCore::DOMObjectHashTableMap::get): * bindings/js/JSDOMBinding.cpp: (WebCore::getHashTableForGlobalData): * bindings/js/JSDOMBinding.h: * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::put): * bindings/js/JSPluginElementFunctions.h: (WebCore::pluginElementCustomGetOwnPropertySlot): * bindings/js/JSStorageCustom.cpp: (WebCore::JSStorage::deleteProperty): (WebCore::JSStorage::putDelegate): * bindings/scripts/CodeGeneratorJS.pm: (hashTableAccessor): (prototypeHashTableAccessor): (constructorHashTableAccessor): (GenerateGetOwnPropertySlotBody): (GenerateImplementation): (GenerateConstructorHelperMethods): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155219 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 05 Sep, 2013 3 commits
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120801 Reviewed by Gavin Barraclough. Add an iterator macro that lists all the "simple" ES types (e.g. type consists of instance, constructor, and prototype classes), so that we don't need to have every new type litter JSGlobalObject.{cpp,h} with members, accessors, and manual GC visiting. * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155177 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
andersca@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120785 Reviewed by Andreas Kling. Source/JavaScriptCore: There's no need to rely on compiler specific support to figure out if a class is trivially destructible, we can just use type traits from STL. Do this, fix the assert macro to use static_assert directly and rename it from ASSERT_HAS_TRIVIAL_DESTRUCTOR to STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE to clarify that it's a static assert and to match the STL nomenclature. * API/JSCallbackFunction.cpp: * debugger/DebuggerActivation.cpp: * heap/GCAssertions.h: * runtime/ArrayConstructor.cpp: * runtime/BooleanConstructor.cpp: * runtime/BooleanObject.cpp: * runtime/BooleanPrototype.cpp: * runtime/DateConstructor.cpp: * runtime/ErrorConstructor.cpp: * runtime/ErrorInstance.cpp: * runtime/ErrorPrototype.cpp: * runtime/ExceptionHelpers.cpp: * runtime/FunctionConstructor.cpp: * runtime/FunctionPrototype.cpp: * runtime/GetterSetter.cpp: * runtime/InternalFunction.cpp: * runtime/JSAPIValueWrapper.cpp: * runtime/JSArray.cpp: * runtime/JSCell.cpp: * runtime/JSNotAnObject.cpp: * runtime/JSONObject.cpp: * runtime/JSObject.cpp: * runtime/JSPromiseConstructor.cpp: * runtime/JSPromisePrototype.cpp: * runtime/JSPromiseResolverConstructor.cpp: * runtime/JSPromiseResolverPrototype.cpp: * runtime/JSProxy.cpp: * runtime/JSScope.cpp: * runtime/JSWrapperObject.cpp: * runtime/MathObject.cpp: * runtime/NameConstructor.cpp: * runtime/NativeErrorConstructor.cpp: * runtime/NumberConstructor.cpp: * runtime/NumberObject.cpp: * runtime/NumberPrototype.cpp: * runtime/ObjectConstructor.cpp: * runtime/ObjectPrototype.cpp: * runtime/RegExpObject.cpp: * runtime/StrictEvalActivation.cpp: * runtime/StringConstructor.cpp: * runtime/StringObject.cpp: * runtime/StringPrototype.cpp: Source/WebCore: Update for JavaScriptCore changes. * bindings/js/JSDOMBinding.cpp: * bindings/js/JSImageConstructor.cpp: Source/WebKit2: Update for JavaScriptCore changes. 
* WebProcess/Plugins/Netscape/JSNPMethod.cpp: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120723 Source/JavaScriptCore: Reviewed by Geoffrey Garen. * runtime/TestRunnerUtils.cpp: (JSC::numberOfDFGCompiles): This should also handle constructors. LayoutTests: Reviewed by Geoffrey Garen. Add dfgShouldBe(), a handy function that covers a lot of common cases. Also convert a bunch of tests. * fast/js/dfg-activation-register-overwritten-in-throw-expected.txt: * fast/js/dfg-add-not-number-expected.txt: * fast/js/dfg-allocation-profile-watch-point-exit-expected.txt: * fast/js/dfg-arguments-alias-escape-expected.txt: * fast/js/dfg-arguments-cross-code-origin-expected.txt: * fast/js/dfg-arguments-mixed-alias-expected.txt: * fast/js/dfg-arguments-strict-mode-expected.txt: * fast/js/dfg-arguments-unexpected-escape-expected.txt: * fast/js/dfg-array-dead-expected.txt: * fast/js/dfg-array-length-dead-expected.txt: * fast/js/dfg-array-pop-value-clearing-expected.txt: * fast/js/dfg-array-push-bad-time-expected.txt: * fast/js/dfg-array-push-slow-put-expected.txt: * fast/js/dfg-arrayify-when-late-prevent-extensions-expected.txt: * fast/js/dfg-arrayify-when-prevent-extensions-expected.txt: * fast/js/dfg-bool-to-int32-reuse-expected.txt: * fast/js/jsc-test-list: * fast/js/resources/js-test-pre.js: (dfgShouldBe): * fast/js/resources/standalone-pre.js: (dfgShouldBe): * fast/js/script-tests/dfg-activation-register-overwritten-in-throw.js: (g): * fast/js/script-tests/dfg-add-not-number.js: * fast/js/script-tests/dfg-allocation-profile-watch-point-exit.js: (foo): * fast/js/script-tests/dfg-arguments-alias-escape.js: * fast/js/script-tests/dfg-arguments-cross-code-origin.js: * fast/js/script-tests/dfg-arguments-mixed-alias.js: * fast/js/script-tests/dfg-arguments-strict-mode.js: * fast/js/script-tests/dfg-arguments-unexpected-escape.js: * fast/js/script-tests/dfg-array-dead.js: * fast/js/script-tests/dfg-array-length-dead.js: * fast/js/script-tests/dfg-array-pop-value-clearing.js: * fast/js/script-tests/dfg-array-push-bad-time.js: * 
fast/js/script-tests/dfg-array-push-slow-put.js: * fast/js/script-tests/dfg-arrayify-when-late-prevent-extensions.js: * fast/js/script-tests/dfg-arrayify-when-prevent-extensions.js: * fast/js/script-tests/dfg-bool-to-int32-reuse.js: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155096 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 04 Sep, 2013 4 commits
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120697 Reviewed by Mark Hahnenberg. Source/JavaScriptCore: * API/JSCTestRunnerUtils.cpp: (JSC::numberOfDFGCompiles): (JSC::setNeverInline): * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * jsc.cpp: (GlobalObject::finishCreation): (functionNeverInlineFunction): (functionNumberOfDFGCompiles): * runtime/TestRunnerUtils.cpp: Added. (JSC::getExecutable): (JSC::numberOfDFGCompiles): (JSC::setNeverInline): * runtime/TestRunnerUtils.h: Added. LayoutTests: * fast/js/resources/standalone-pre.js: (testPassed): (testFailed): (dfgCompiled): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mark.lam@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120706. Reviewed by Geoffrey Garen. Source/JavaScriptCore: Also did some minor refactoring: - Renamed StackIterator::iterate() to StackVisitor::visit(). - Make StackVisitor::visit() a static method. - Move the instantiation of the StackVisitor instance into StackVisitor::visit() from CallFrame::iterate(). - Removed StackIterator::resetIterator() and inline its body into the StackVisitor constructor since this is the only remaining caller of it. * API/JSContextRef.cpp: (BacktraceFunctor::operator()): * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * interpreter/CallFrame.h: (JSC::ExecState::iterate): * interpreter/Interpreter.cpp: (JSC::DumpRegisterFunctor::operator()): (JSC::unwindCallFrame): (JSC::getStackFrameCodeType): (JSC::GetStackTraceFunctor::operator()): (JSC::UnwindFunctor::operator()): * interpreter/Interpreter.h: * interpreter/StackIterator.cpp: Removed. * interpreter/StackIterator.h: Removed. * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp. (JSC::StackVisitor::StackVisitor): (JSC::StackVisitor::gotoNextFrame): (JSC::StackVisitor::readFrame): (JSC::StackVisitor::readNonInlinedFrame): (JSC::StackVisitor::readInlinedFrame): (JSC::StackVisitor::Frame::codeType): (JSC::StackVisitor::Frame::functionName): (JSC::StackVisitor::Frame::sourceURL): (JSC::StackVisitor::Frame::toString): (JSC::StackVisitor::Frame::arguments): (JSC::StackVisitor::Frame::computeLineAndColumn): (JSC::StackVisitor::Frame::retrieveExpressionInfo): (JSC::StackVisitor::Frame::setToEnd): (JSC::StackVisitor::Frame::print): (DebugPrintFrameFunctor::operator()): * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h. 
(JSC::StackVisitor::visit): * jsc.cpp: (FunctionJSCStackFunctor::operator()): * profiler/ProfileGenerator.cpp: (JSC::AddParentForConsoleStartFunctor::operator()): * runtime/JSFunction.cpp: (JSC::RetrieveArgumentsFunctor::operator()): (JSC::RetrieveCallerFunctionFunctor::operator()): * runtime/JSGlobalObjectFunctions.cpp: (JSC::GlobalFuncProtoGetterFunctor::operator()): (JSC::GlobalFuncProtoSetterFunctor::operator()): * runtime/ObjectConstructor.cpp: (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()): Source/WebCore: No new tests. * ForwardingHeaders/interpreter/StackIterator.h: Removed. * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h. * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::SendFunctor::operator()): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::CreateScriptCallStackFunctor::operator()): (WebCore::CreateScriptCallStackForConsoleFunctor::operator()): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mark.lam@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120695. Reviewed by Geoffrey Garen. Source/JavaScriptCore: Introduce CallFrame::iterate() which instantiates a StackIterator and invokes its iterate() method with the passed-in functor. The only place where the client code gets access to the StackIterator now is as an argument to the client's functor. * API/JSContextRef.cpp: (JSContextCreateBacktrace): * interpreter/CallFrame.cpp: * interpreter/CallFrame.h: (JSC::ExecState::iterate): * interpreter/Interpreter.cpp: (JSC::Interpreter::dumpRegisters): (JSC::Interpreter::getStackTrace): (JSC::Interpreter::unwind): * interpreter/StackIterator.cpp: (JSC::StackIterator::StackIterator): (DebugPrintFrameFunctor::DebugPrintFrameFunctor): (DebugPrintFrameFunctor::operator()): (debugPrintCallFrame): (debugPrintStack): * interpreter/StackIterator.h: (JSC::StackIterator::iterate): * jsc.cpp: (functionJSCStack): * profiler/ProfileGenerator.cpp: (JSC::ProfileGenerator::addParentForConsoleStart): * runtime/JSFunction.cpp: (JSC::retrieveArguments): (JSC::RetrieveCallerFunctionFunctor::operator()): (JSC::retrieveCallerFunction): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncProtoGetter): (JSC::globalFuncProtoSetter): * runtime/ObjectConstructor.cpp: (JSC::objectConstructorGetPrototypeOf): Source/WebCore: No new tests. * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::SendFunctor::SendFunctor): (WebCore::SendFunctor::line): (WebCore::SendFunctor::url): (WebCore::SendFunctor::operator()): (WebCore::JSXMLHttpRequest::send): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::createScriptCallStack): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155075 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=112838 Source/JavaScriptCore: Reviewed by Mark Hahnenberg.

This adds the ability for the DFG to tier-up into the FTL. This works in both of the expected tier-up modes:

Replacement: frequently called functions eventually have their entrypoint replaced with one that goes into FTL-compiled code. Note, this will be a slow-down for now since we don't yet have LLVM calling convention integration.

OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.

This means that if the DFG detects that a function is an FTL candidate, it inserts execution counting code similar to the kind that the baseline JIT would use. If you trip on a loop count in a loop header that is an OSR candidate (it's not an inlined loop), we do OSR; otherwise we do replacement. OSR almost always also implies future replacement.

OSR entry into the FTL is really cool. It uses a specialized FTL compile of the code, where early in the DFG pipeline we replace the original root block with an OSR entrypoint block that jumps to the pre-header of the hot loop. The OSR entrypoint loads all live state at the loop pre-header using loads from a scratch buffer, which gets populated by the runtime's OSR entry preparation code (FTL::prepareOSREntry()). This approach appears to work well with all of our subsequent optimizations, including prediction propagation, CFA, and LICM. LLVM seems happy with it, too.

Best of all, it works naturally with concurrent compilation: when we hit the tier-up trigger we spawn a compilation plan at the bytecode index from which we triggered; once the compilation finishes the next trigger will try to enter, at that bytecode index. If it can't - for example because the code has moved on to another loop - then we just try again. Loops that get hot enough for OSR entry (about 25,000 iterations) will probably still be running when a concurrent compile finishes, so this doesn't appear to be a big problem.

This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could get a bigger speed-up by adding some more intelligence and tweaking LLVM to compile code faster. Those things will happen eventually but this is a good start. Probably this code will see more tuning as we get more coverage in the FTL JIT, but I'll worry about that in future patches. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::hasOptimizedReplacement): (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): * bytecode/CodeBlock.h: * dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::::executeEffects): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): (JSC::DFG::ByteCodeParser::parse): * dfg/DFGCFGSimplificationPhase.cpp: (JSC::DFG::CFGSimplificationPhase::run): * dfg/DFGClobberize.h: (JSC::DFG::clobberize): * dfg/DFGDriver.cpp: (JSC::DFG::compileImpl): (JSC::DFG::compile): * dfg/DFGDriver.h: * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::dump): (JSC::DFG::Graph::killBlockAndItsContents): (JSC::DFG::Graph::killUnreachableBlocks): * dfg/DFGGraph.h: * dfg/DFGInPlaceAbstractState.cpp: (JSC::DFG::InPlaceAbstractState::initialize): * dfg/DFGJITCode.cpp: (JSC::DFG::JITCode::reconstruct): (JSC::DFG::JITCode::checkIfOptimizationThresholdReached): (JSC::DFG::JITCode::optimizeNextInvocation): (JSC::DFG::JITCode::dontOptimizeAnytimeSoon): (JSC::DFG::JITCode::optimizeAfterWarmUp): (JSC::DFG::JITCode::optimizeSoon): (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently): (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult): * dfg/DFGJITCode.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): (JSC::DFG::JITFinalizer::finalizeCommon): * dfg/DFGLoopPreHeaderCreationPhase.cpp: (JSC::DFG::createPreHeader): 
(JSC::DFG::LoopPreHeaderCreationPhase::run): * dfg/DFGLoopPreHeaderCreationPhase.h: * dfg/DFGNode.h: (JSC::DFG::Node::hasUnlinkedLocal): (JSC::DFG::Node::unlinkedLocal): * dfg/DFGNodeType.h: * dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry): * dfg/DFGOSREntrypointCreationPhase.cpp: Added. (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase): (JSC::DFG::OSREntrypointCreationPhase::run): (JSC::DFG::performOSREntrypointCreation): * dfg/DFGOSREntrypointCreationPhase.h: Added. * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThread): (JSC::DFG::Plan::compileInThreadImpl): * dfg/DFGPlan.h: * dfg/DFGPredictionInjectionPhase.cpp: (JSC::DFG::PredictionInjectionPhase::run): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGTierUpCheckInjectionPhase.cpp: Added. (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase): (JSC::DFG::TierUpCheckInjectionPhase::run): (JSC::DFG::performTierUpCheckInjection): * dfg/DFGTierUpCheckInjectionPhase.h: Added. * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added. (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback): (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback): (JSC::DFG::ToFTLDeferredCompilationCallback::create): (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete): * dfg/DFGToFTLDeferredCompilationCallback.h: Added. * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added. 
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete): * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added. * dfg/DFGWorklist.cpp: (JSC::DFG::globalWorklist): * dfg/DFGWorklist.h: * ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile): * ftl/FTLCapabilities.h: * ftl/FTLForOSREntryJITCode.cpp: Added. (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode): (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode): (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry): (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer): * ftl/FTLForOSREntryJITCode.h: Added. (JSC::FTL::ForOSREntryJITCode::entryBuffer): (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex): (JSC::FTL::ForOSREntryJITCode::bytecodeIndex): (JSC::FTL::ForOSREntryJITCode::countEntryFailure): (JSC::FTL::ForOSREntryJITCode::entryFailureCount): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLLink.cpp: (JSC::FTL::link): * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileBlock): (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal): (JSC::FTL::LowerDFGToLLVM::compileGetLocal): (JSC::FTL::LowerDFGToLLVM::addWeakReference): * ftl/FTLOSREntry.cpp: Added. (JSC::FTL::prepareOSREntry): * ftl/FTLOSREntry.h: Added. 
* ftl/FTLOutput.h: (JSC::FTL::Output::crashNonTerminal): (JSC::FTL::Output::crash): * ftl/FTLState.cpp: (JSC::FTL::State::State): * interpreter/Register.h: (JSC::Register::unboxedDouble): * jit/JIT.cpp: (JSC::JIT::emitEnterOptimizationCheck): * jit/JITCode.cpp: (JSC::JITCode::ftlForOSREntry): * jit/JITCode.h: * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * runtime/Executable.cpp: (JSC::ScriptExecutable::newReplacementCodeBlockFor): * runtime/Options.h: * runtime/VM.cpp: (JSC::VM::ensureWorklist): * runtime/VM.h: LayoutTests: Reviewed by Mark Hahnenberg. Fix marsaglia to check the result instead of printing, and add a second version that relies on OSR entry. * fast/js/regress/marsaglia-osr-entry-expected.txt: Added. * fast/js/regress/marsaglia-osr-entry.html: Added. * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added. (marsaglia): * fast/js/regress/script-tests/marsaglia.js: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 03 Sep, 2013 4 commits
-
mark.lam@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120564. Reviewed by Filip Pizlo. Source/JavaScriptCore: * API/JSContextRef.cpp: (BacktraceFunctor::BacktraceFunctor): (BacktraceFunctor::operator()): (JSContextCreateBacktrace): * interpreter/CallFrame.cpp: * interpreter/CallFrame.h: * interpreter/Interpreter.cpp: (JSC::DumpRegisterFunctor::DumpRegisterFunctor): (JSC::DumpRegisterFunctor::operator()): (JSC::Interpreter::dumpRegisters): (JSC::unwindCallFrame): (JSC::GetStackTraceFunctor::GetStackTraceFunctor): (JSC::GetStackTraceFunctor::operator()): (JSC::Interpreter::getStackTrace): (JSC::Interpreter::stackTraceAsString): (JSC::UnwindFunctor::UnwindFunctor): (JSC::UnwindFunctor::operator()): (JSC::Interpreter::unwind): * interpreter/Interpreter.h: * interpreter/StackIterator.cpp: (JSC::StackIterator::numberOfFrames): (JSC::StackIterator::gotoFrameAtIndex): (JSC::StackIterator::gotoNextFrameWithFilter): (JSC::StackIterator::resetIterator): (JSC::StackIterator::Frame::print): (debugPrintCallFrame): (DebugPrintStackFunctor::operator()): (debugPrintStack): Added for debugging convenience. 
* interpreter/StackIterator.h: (JSC::StackIterator::Frame::index): (JSC::StackIterator::iterate): * jsc.cpp: (FunctionJSCStackFunctor::FunctionJSCStackFunctor): (FunctionJSCStackFunctor::operator()): (functionJSCStack): * profiler/ProfileGenerator.cpp: (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor): (JSC::AddParentForConsoleStartFunctor::foundParent): (JSC::AddParentForConsoleStartFunctor::operator()): (JSC::ProfileGenerator::addParentForConsoleStart): * runtime/JSFunction.cpp: (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor): (JSC::RetrieveArgumentsFunctor::result): (JSC::RetrieveArgumentsFunctor::operator()): (JSC::retrieveArguments): (JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor): (JSC::RetrieveCallerFunctionFunctor::result): (JSC::RetrieveCallerFunctionFunctor::operator()): (JSC::retrieveCallerFunction): * runtime/JSGlobalObjectFunctions.cpp: (JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor): (JSC::GlobalFuncProtoGetterFunctor::result): (JSC::GlobalFuncProtoGetterFunctor::operator()): (JSC::globalFuncProtoGetter): (JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor): (JSC::GlobalFuncProtoSetterFunctor::allowsAccess): (JSC::GlobalFuncProtoSetterFunctor::operator()): (JSC::globalFuncProtoSetter): * runtime/ObjectConstructor.cpp: (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor): (JSC::ObjectConstructorGetPrototypeOfFunctor::result): (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()): (JSC::objectConstructorGetPrototypeOf): Source/WebCore: No new tests. 
* bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::SendFunctor::SendFunctor): (WebCore::SendFunctor::hasViableFrame): (WebCore::SendFunctor::operator()): (WebCore::JSXMLHttpRequest::send): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::CreateScriptCallStackFunctor::CreateScriptCallStackFunctor): (WebCore::CreateScriptCallStackFunctor::operator()): (WebCore::createScriptCallStack): (WebCore::CreateScriptCallStackForConsoleFunctor::CreateScriptCallStackForConsoleFunctor): (WebCore::CreateScriptCallStackForConsoleFunctor::operator()): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155013 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120654 Reviewed by Simon Fraser. Source/JavaScriptCore: Make xcode copy the required headers, and add appropriate export attributes * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/JSMap.h: * runtime/JSSet.h: * runtime/MapData.h: Source/WebCore: Add support for cloning Map and Set. Fairly self explanatory change. Needed to add Forwarding headers for the JSMap, JSSet and MapData classes. * ForwardingHeaders/runtime/JSMap.h: Added. * ForwardingHeaders/runtime/JSSet.h: Added. * ForwardingHeaders/runtime/MapData.h: Added. * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::isMap): (WebCore::CloneSerializer::isSet): (WebCore::CloneSerializer::startSet): (WebCore::CloneSerializer::startMap): (WebCore::CloneSerializer::serialize): (WebCore::CloneDeserializer::consumeMapDataTerminationIfPossible): (WebCore::CloneDeserializer::deserialize): LayoutTests: Tests! * fast/dom/Window/script-tests/postmessage-clone.js: (set new): (set add.set add): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
rniwa@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=73648 Reviewed by Oliver Hunt. Source/JavaScriptCore: Based on the patch written by Jarred Nicholls. Add JSC::JSONParse. This function will be used in XMLHttpRequest.response of type 'json'. * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/JSONObject.cpp: (JSC::JSONParse): * runtime/JSONObject.h: Source/WebCore: Based on the patch written by Jarred Nicholls. Implement 'json' type for XMLHttpRequest.response. We cache the result on JSC side as a cached attribute unlike other response types like 'document' and 'blob' for which the parsed response object is cached in XMLHttpRequest itself. In the long run, we should do the same for other types of response types. Also refactored the various code to share the code. Tests: fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html * ForwardingHeaders/runtime/JSONObject.h: Added. * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::visitChildren): (WebCore::JSXMLHttpRequest::response): Use JSONParse to parse the response text and cache the result. Call didCacheResponseJSON to set the cache status and clear the original response buffer. * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::XMLHttpRequest): Added m_responseCacheIsValid to invalidate the cache of a json response. (WebCore::XMLHttpRequest::responseText): (WebCore::XMLHttpRequest::didCacheResponseJSON): Added; Updates m_responseCacheIsValid and clears the response buffer to save memory. (WebCore::XMLHttpRequest::responseXML): (WebCore::XMLHttpRequest::setResponseType): (WebCore::XMLHttpRequest::responseType): (WebCore::XMLHttpRequest::clearResponseBuffers): (WebCore::XMLHttpRequest::didReceiveData): * xml/XMLHttpRequest.h: (WebCore::XMLHttpRequest::doneWithoutErrors): Extracted from responseXML. 
(WebCore::XMLHttpRequest::responseTextIgnoringResponseType): Extracted from responseText. (WebCore::XMLHttpRequest::responseCacheIsValid): Added. (WebCore::XMLHttpRequest::shouldDecodeResponse): Extracted from didReceiveData. Also modified to decode when the response type is ResponseTypeJSON. * xml/XMLHttpRequest.idl: Added CachedAttribute IDL extension on response property. This cache is used when the response type is 'json'. LayoutTests: Add regression tests for XMLHttpRequest.response of type 'json'. Two of these tests (valid & invalid) come from Jarred Nicholls's original patch. * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json-utf-16.json: Added. * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json.json: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid-expected.txt: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16-expected.txt: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid-expected.txt: Added. * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154992 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120567 Reviewed by Oliver Hunt. This is a risky change from a performance standpoint, but I believe it's necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC can delete CodeBlocks because the GC always holds a reference to them. Once a CodeBlock reaches just one reference (i.e. the one from the GC) then the GC will free it only if it's not on the stack. This allows me to get rid of the jettisoning logic. We need this for FTL tier-up. Well; we don't need it, but it will help prevent a lot of bugs. Previously, if you wanted to replace one code block with another, you had to remember to tell the GC that the previous code block is "jettisoned". We would need to do this when tiering up from DFG to FTL and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot of permutations here - tiering up to the FTL, OSR entering into the FTL, deciding that an OSR entry code block is not relevant anymore - just to name a few. In each of these cases we'd have to jettison the previous code block. It smells like a huge source of future bugs. So I made jettisoning implicit by making the GC always watch out for a CodeBlock being owned solely by the GC. This change is performance neutral. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::visitAggregate): (JSC::CodeBlock::jettison): * bytecode/CodeBlock.h: (JSC::CodeBlock::setJITCode): (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): (JSC::CodeBlockSet::mark): * dfg/DFGCommonData.h: (JSC::DFG::CommonData::CommonData): * heap/CodeBlockSet.cpp: Added.
(JSC::CodeBlockSet::CodeBlockSet): (JSC::CodeBlockSet::~CodeBlockSet): (JSC::CodeBlockSet::add): (JSC::CodeBlockSet::clearMarks): (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced): (JSC::CodeBlockSet::traceMarked): * heap/CodeBlockSet.h: Added. * heap/ConservativeRoots.cpp: (JSC::ConservativeRoots::add): * heap/ConservativeRoots.h: * heap/DFGCodeBlocks.cpp: Removed. * heap/DFGCodeBlocks.h: Removed. * heap/Heap.cpp: (JSC::Heap::markRoots): (JSC::Heap::deleteAllCompiledCode): (JSC::Heap::deleteUnmarkedCompiledCode): * heap/Heap.h: * interpreter/JSStack.cpp: (JSC::JSStack::gatherConservativeRoots): * interpreter/JSStack.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): * runtime/Executable.h: * runtime/VM.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 31 Aug, 2013 1 commit
-
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120551 Reviewed by Michael Saboff. Fix the bug, and did a big clean-up of how Executable returns CodeBlocks. A lot of the problems we have with code like CodeBlock::baselineVersion() is that we were trying *way too hard* to side-step the fact that Executable can't return a CodeBlock*. Previously it could only return CodeBlock&, so if it didn't have a CodeBlock yet, you were screwed. And if you didn't know, or weren't sure, if it did have a CodeBlock, you were really going to have a bad time. Also it really bugs me that the methods were called generatedBytecode(). In all other contexts if you ask for a CodeBlock, the method to call is codeBlock(). So I made all of those changes. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::baselineVersion): (JSC::ProgramCodeBlock::replacement): (JSC::EvalCodeBlock::replacement): (JSC::FunctionCodeBlock::replacement): (JSC::CodeBlock::globalObjectFor): * bytecode/CodeOrigin.cpp: (JSC::InlineCallFrame::hash): * dfg/DFGOperations.cpp: * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITCode.h: (JSC::JITCode::isExecutableScript): (JSC::JITCode::isLowerTier): * jit/JITStubs.cpp: (JSC::lazyLinkFor): (JSC::DEFINE_STUB_FUNCTION): * llint/LLIntSlowPaths.cpp: (JSC::LLInt::traceFunctionPrologue): (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.h: (JSC::CommonSlowPaths::arityCheckFor): * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): * runtime/Executable.h: (JSC::EvalExecutable::codeBlock): (JSC::ProgramExecutable::codeBlock): (JSC::FunctionExecutable::eitherCodeBlock): (JSC::FunctionExecutable::codeBlockForCall): (JSC::FunctionExecutable::codeBlockForConstruct): (JSC::FunctionExecutable::codeBlockFor): * runtime/FunctionExecutableDump.cpp:
(JSC::FunctionExecutableDump::dump): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 30 Aug, 2013 3 commits
-
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120549 Reviewed by Filip Pizlo. Source/JavaScriptCore: We simply reuse the MapData type from JSMap making it much simpler. * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/CommonIdentifiers.h: * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::setStructure): * runtime/JSSet.cpp: Added. (JSC::JSSet::visitChildren): (JSC::JSSet::finishCreation): * runtime/JSSet.h: Added. (JSC::JSSet::createStructure): (JSC::JSSet::create): (JSC::JSSet::mapData): (JSC::JSSet::JSSet): * runtime/SetConstructor.cpp: Added. (JSC::SetConstructor::finishCreation): (JSC::callSet): (JSC::constructSet): (JSC::SetConstructor::getConstructData): (JSC::SetConstructor::getCallData): * runtime/SetConstructor.h: Added. (JSC::SetConstructor::create): (JSC::SetConstructor::createStructure): (JSC::SetConstructor::SetConstructor): * runtime/SetPrototype.cpp: Added. (JSC::SetPrototype::finishCreation): (JSC::getMapData): (JSC::setProtoFuncAdd): (JSC::setProtoFuncClear): (JSC::setProtoFuncDelete): (JSC::setProtoFuncForEach): (JSC::setProtoFuncHas): (JSC::setProtoFuncSize): * runtime/SetPrototype.h: Added. (JSC::SetPrototype::create): (JSC::SetPrototype::createStructure): (JSC::SetPrototype::SetPrototype): LayoutTests: Add tests * fast/js/basic-set-expected.txt: Added. * fast/js/basic-set.html: Added. * fast/js/script-tests/basic-set.js: Added. (set new): (otherString.string_appeared_here.set add): (try.set forEach): (set forEach): (set gc): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120505 Reviewed by Darin Adler. Source/JavaScriptCore: Replaces JSValue::operator bool() with an operator UnspecifiedBoolType* as we do elsewhere. Then fix the places where terrible type coercion was happening. All of the changes made had no fundamental behavioural impact as they were coercion results that were ignored (returning undefined after an exception). * dfg/DFGOperations.cpp: * interpreter/CallFrame.h: (JSC::ExecState::hadException): * runtime/JSCJSValue.h: * runtime/JSCJSValueInlines.h: (JSC::JSValue::operator UnspecifiedBoolType*): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncEval): * runtime/PropertyDescriptor.cpp: (JSC::PropertyDescriptor::equalTo) Source/WTF: Make LIKELY and UNLIKELY macros coerce to bool before passing to expect. * wtf/Compiler.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=120531 Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-30 Reviewed by Darin Adler. Changed the assert to ASSERT_NOT_REACHED, now that r154839 has landed. errorDescriptionForValue can assert again that the parameterized JSValue is !isEmpty(). * runtime/ExceptionHelpers.cpp: (JSC::errorDescriptionForValue): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 29 Aug, 2013 9 commits
-
-
ryuan.choi@samsung.com authored
https://bugs.webkit.org/show_bug.cgi?id=120503 Reviewed by Geoffrey Garen. Unreviewed build fix attempt for GTK, Qt Windows and CMake based ports. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * Target.pri: * runtime/MapData.h: (JSC::MapData::KeyType::KeyType): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120333 Reviewed by Geoffrey Garen. Source/JavaScriptCore: Implement support for the ES6 Map type and related classes. * JavaScriptCore.xcodeproj/project.pbxproj: * heap/CopyToken.h: Add a new token to track copying the backing store * runtime/CommonIdentifiers.h: Add new identifiers * runtime/JSGlobalObject.cpp: * runtime/JSGlobalObject.h: Add new structures and prototypes * runtime/JSMap.cpp: Added. * runtime/JSMap.h: Added. New JSMap class to represent a Map instance * runtime/MapConstructor.cpp: Added. * runtime/MapConstructor.h: Added. The Map constructor * runtime/MapData.cpp: Added. * runtime/MapData.h: Added. The most interesting data structure. This roughly corresponds to the ES6 notion of MapData. It provides the core JSValue->JSValue map implementation. We implement it using 2 hashtables and a flat table. Due to the different semantics of string comparisons vs. all others we need to have one map keyed by String and the other by generic JSValue. The actual table is represented more or less exactly as described in the ES6 draft - a single contiguous list of key/value pairs. The entire map could be achieved with just this table, however we need the HashMaps in order to maintain O(1) lookup. Deleted values are simply cleared as the draft says, however the implementation compacts the storage on copy as long as there are no active iterators. * runtime/MapPrototype.cpp: Added. * runtime/MapPrototype.h: Added. Implement Map prototype functions * runtime/VM.cpp: Add new structures. LayoutTests: Tests * fast/js/basic-map-expected.txt: Added. * fast/js/basic-map.html: Added. * fast/js/script-tests/basic-map.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
bfulgham@apple.com authored
If you are going to exclude promises, actually exclude the build components. * interpreter/CallFrame.h: Exclude promise declarations * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): Exclude promise code. (JSC::JSGlobalObject::visitChildren): Ditto. * runtime/VM.cpp: Ditto. (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154853 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
weinig@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Source/autotools/SetupWebKitFeatures.m4: * Source/cmake/WebKitFeatures.cmake: * Source/cmakeconfig.h.cmake: Source/JavaScriptCore: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Configurations/FeatureDefines.xcconfig: * runtime/JSGlobalObject.cpp: * runtime/JSGlobalObject.h: * runtime/JSPromise.cpp: * runtime/JSPromise.h: * runtime/JSPromiseCallback.cpp: * runtime/JSPromiseCallback.h: * runtime/JSPromiseConstructor.cpp: * runtime/JSPromiseConstructor.h: * runtime/JSPromisePrototype.cpp: * runtime/JSPromisePrototype.h: * runtime/JSPromiseResolver.cpp: * runtime/JSPromiseResolver.h: * runtime/JSPromiseResolverConstructor.cpp: * runtime/JSPromiseResolverConstructor.h: * runtime/JSPromiseResolverPrototype.cpp: * runtime/JSPromiseResolverPrototype.h: Source/WebCore: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Configurations/FeatureDefines.xcconfig: Source/WebKit/mac: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Configurations/FeatureDefines.xcconfig: Source/WebKit2: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Configurations/FeatureDefines.xcconfig: Source/WTF: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * wtf/FeatureDefines.h: Tools: Add ENABLE guards for Promises https://bugs.webkit.org/show_bug.cgi?id=120488 Reviewed by Andreas Kling. * Scripts/webkitperl/FeatureList.pm: * qmake/mkspecs/features/features.pri: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154847 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120453 Reviewed by Oliver Hunt. Instead of saying: codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff) we should just say: JIT::compile(stuff, codeBlock, more stuff); And similarly for the LLInt and DFG. This kills a bunch of code, since CodeBlock::prepareForExecution() is just a wrapper that uses the JITType argument to call into the appropriate execution engine, which is what the user wanted to do in the first place. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: * bytecode/CodeBlock.h: * dfg/DFGDriver.cpp: (JSC::DFG::compileImpl): (JSC::DFG::compile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGWorklist.cpp: (JSC::DFG::globalWorklist): * dfg/DFGWorklist.h: * jit/JIT.cpp: (JSC::JIT::privateCompile): * jit/JIT.h: (JSC::JIT::compile): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp. (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): (JSC::LLInt::setEntrypoint): * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h. * llint/LLIntEntrypoints.cpp: Removed. * llint/LLIntEntrypoints.h: Removed. * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): * runtime/Executable.cpp: (JSC::ScriptExecutable::prepareForExecutionImpl): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120326 Reviewed by Oliver Hunt. Rolling r154804 back in after fixing no-LLInt build. Previously Executable owned the code for generating JIT code; you always had to go through Executable. But often you also had to go through CodeBlock, because ScriptExecutable couldn't have virtual methods, but CodeBlock could. So you'd ask CodeBlock to do something, which would dispatch through a virtual method that would select the appropriate Executable subtype's method. This all meant that the same code would often be duplicated, because most of the work needed to compile something was identical regardless of code type. But then we tried to fix this, by having templatized helpers in ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find out what happened when you asked for something to be compiled, you'd go on a wild ride that started with CodeBlock, touched upon Executable, and then ricocheted into either ExecutionHarness or JITDriver (likely both). Another awkwardness was that for concurrent compiles, the DFG::Worklist had super-special inside knowledge of what JITStubs.cpp's cti_optimize would have done once the compilation finished. Also, most of the DFG JIT drivers assumed that they couldn't install the JITCode into the CodeBlock directly - instead they would return it via a reference, which happened to be a reference to the JITCode pointer in Executable. This was super weird. Finally, there was no notion of compiling code into a special CodeBlock that wasn't used for handling calls into an Executable. I'd like this for FTL OSR entry. This patch solves these problems by reducing all of that complexity into just three primitives: - Executable::newCodeBlock(). This gives you a new code block, either for call or for construct, and either to serve as the baseline code or the optimized code. The new code block is then owned by the caller; Executable doesn't register it anywhere. 
The new code block has no JITCode and isn't callable, but it has all of the bytecode. - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and produces a JITCode, and then installs the JITCode into the CodeBlock. This method takes a JITType, and always compiles with that JIT. If you ask for JITCode::InterpreterThunk then you'll get JITCode that just points to the LLInt entrypoints. Once this returns, it is possible to call into the CodeBlock if you do so manually - but the Executable still won't know about it so JS calls to that Executable will still be routed to whatever CodeBlock is associated with the Executable. - Executable::installCode(). This takes a CodeBlock and makes it the code-for-entry for that Executable. This involves unlinking the Executable's last CodeBlock, if there was one. This also tells the GC about any effect on memory usage and does a bunch of weird data structure rewiring, since Executable caches some of CodeBlock's fields for the benefit of virtual call fast paths. This functionality is then wrapped around three convenience methods: - Executable::prepareForExecution(). If there is no code block for that Executable, then one is created (newCodeBlock()), compiled (CodeBlock::prepareForExecution()) and installed (installCode()). - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that can serve as an optimized replacement of the current one. - CodeBlock::install(). Asks the Executable to install this code block. This patch allows me to kill *a lot* of code and to remove a lot of specializations for functions vs. not-functions, and a lot of places where we pass around JITCode references and such. ExecutionHarness and JITDriver are both gone. Overall this patch has more red than green.
It also allows me to work on FTL OSR entry and tier-up: - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist to do some compilation, but it will require the DFG::Worklist to do something different than what JITStubs.cpp would want, once the compilation finishes. This patch introduces a callback mechanism for that purpose. - FTL OSR entry: this will involve creating a special auto-jettisoned CodeBlock that is used only for FTL OSR entry. The new set of primitives allows for this: Executable can vend you a fresh new CodeBlock, and you can ask that CodeBlock to compile itself with any JIT of your choosing. Or you can take that CodeBlock and compile it yourself. Previously the act of producing a CodeBlock-for-optimization and the act of compiling code for it were tightly coupled; now you can separate them and you can create such auto-jettisoned CodeBlocks that are used for a one-shot OSR entry. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::unlinkIncomingCalls): (JSC::CodeBlock::prepareForExecutionImpl): (JSC::CodeBlock::prepareForExecution): (JSC::CodeBlock::prepareForExecutionAsynchronously): (JSC::CodeBlock::install): (JSC::CodeBlock::newReplacement): (JSC::FunctionCodeBlock::jettisonImpl): * bytecode/CodeBlock.h: (JSC::CodeBlock::hasBaselineJITProfiling): * bytecode/DeferredCompilationCallback.cpp: Added. (JSC::DeferredCompilationCallback::DeferredCompilationCallback): (JSC::DeferredCompilationCallback::~DeferredCompilationCallback): * bytecode/DeferredCompilationCallback.h: Added. 
* dfg/DFGDriver.cpp: (JSC::DFG::tryCompile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::notifyReady): (JSC::DFG::Plan::finalizeWithoutNotifyingCallback): (JSC::DFG::Plan::finalizeAndNotifyCallback): * dfg/DFGPlan.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): (JSC::DFG::Worklist::runThread): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: (JSC::Heap::isDeferred): * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Removed. * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Added. (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::create): (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete): * jit/JITToDFGDeferredCompilationCallback.h: Added. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): * llint/LLIntEntrypoints.h: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::newCodeBlockFor): (JSC::ScriptExecutable::newReplacementCodeBlockFor): (JSC::ScriptExecutable::prepareForExecutionImpl): * runtime/Executable.h: (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor): (JSC::ExecutableBase::offsetOfNumParametersFor): (JSC::ScriptExecutable::prepareForExecution): (JSC::FunctionExecutable::jettisonOptimizedCodeFor): * runtime/ExecutionHarness.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=120472 Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29 Reviewed by Filip Pizlo. With the JIT disabled, interpreterThrowInCaller was attempting to throw an error, but the topCallFrame was not set yet. By passing the error object into interpreterThrowInCaller throwException can be called when topCallFrame is set. * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): * runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL): * runtime/CommonSlowPathsExceptions.cpp: (JSC::CommonSlowPaths::interpreterThrowInCaller): * runtime/CommonSlowPathsExceptions.h: Renamed genericThrow -> genericUnwind, because this function no longer has the ability to throw errors. It unwinds the stack in order to report them. * dfg/DFGOperations.cpp: * jit/JITExceptions.cpp: (JSC::genericUnwind): (JSC::jitThrowNew): (JSC::jitThrow): * jit/JITExceptions.h: * llint/LLIntExceptions.cpp: (JSC::LLInt::doThrow): LayoutTests: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT) https://bugs.webkit.org/show_bug.cgi?id=120472 Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29 Reviewed by Filip Pizlo. An error that was not being reported before is now caught and being reported. * media/track/track-cue-rendering-on-resize-expected.txt: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
commit-queue@webkit.org authored
http://trac.webkit.org/changeset/154804 https://bugs.webkit.org/show_bug.cgi?id=120477 Broke Windows build (assumes LLInt features not enabled on this build) (Requested by bfulgham on #webkit). * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::linkIncomingCall): (JSC::CodeBlock::unlinkIncomingCalls): (JSC::CodeBlock::reoptimize): (JSC::ProgramCodeBlock::replacement): (JSC::EvalCodeBlock::replacement): (JSC::FunctionCodeBlock::replacement): (JSC::ProgramCodeBlock::compileOptimized): (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode): (JSC::EvalCodeBlock::compileOptimized): (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode): (JSC::FunctionCodeBlock::compileOptimized): (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode): (JSC::ProgramCodeBlock::jitCompileImpl): (JSC::EvalCodeBlock::jitCompileImpl): (JSC::FunctionCodeBlock::jitCompileImpl): * bytecode/CodeBlock.h: (JSC::CodeBlock::jitType): (JSC::CodeBlock::jitCompile): * bytecode/DeferredCompilationCallback.cpp: Removed. * bytecode/DeferredCompilationCallback.h: Removed. 
* dfg/DFGDriver.cpp: (JSC::DFG::compile): (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): (JSC::DFG::tryFinalizePlan): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): (JSC::DFG::tryFinalizePlan): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::finalize): * dfg/DFGPlan.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): (JSC::DFG::Worklist::runThread): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Added. (JSC::jitCompileIfAppropriateImpl): (JSC::jitCompileFunctionIfAppropriateImpl): (JSC::jitCompileIfAppropriate): (JSC::jitCompileFunctionIfAppropriate): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Removed. * jit/JITToDFGDeferredCompilationCallback.h: Removed. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::getFunctionEntrypoint): (JSC::LLInt::getEvalEntrypoint): (JSC::LLInt::getProgramEntrypoint): * llint/LLIntEntrypoints.h: (JSC::LLInt::getEntrypoint): * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::EvalExecutable::compileOptimized): (JSC::EvalExecutable::jitCompile): (JSC::EvalExecutable::compileInternal): (JSC::EvalExecutable::replaceWithDeferredOptimizedCode): (JSC::ProgramExecutable::compileOptimized): (JSC::ProgramExecutable::jitCompile): (JSC::ProgramExecutable::compileInternal): (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode): (JSC::FunctionExecutable::compileOptimizedForCall): (JSC::FunctionExecutable::compileOptimizedForConstruct): (JSC::FunctionExecutable::jitCompileForCall): (JSC::FunctionExecutable::jitCompileForConstruct): (JSC::FunctionExecutable::produceCodeBlockFor): (JSC::FunctionExecutable::compileForCallInternal): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall): (JSC::FunctionExecutable::compileForConstructInternal): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct): * runtime/Executable.h: (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor): (JSC::ExecutableBase::offsetOfNumParametersFor): (JSC::ExecutableBase::catchRoutineFor): (JSC::EvalExecutable::compile): (JSC::ProgramExecutable::compile): (JSC::FunctionExecutable::compileForCall): (JSC::FunctionExecutable::compileForConstruct): (JSC::FunctionExecutable::compileFor): (JSC::FunctionExecutable::compileOptimizedFor): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor): (JSC::FunctionExecutable::jitCompileFor): * runtime/ExecutionHarness.h: Added. 
(JSC::prepareForExecutionImpl): (JSC::prepareFunctionForExecutionImpl): (JSC::installOptimizedCode): (JSC::prepareForExecution): (JSC::prepareFunctionForExecution): (JSC::replaceWithDeferredOptimizedCode): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 28 Aug, 2013 2 commits
-
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120326
Reviewed by Oliver Hunt.
Previously Executable owned the code for generating JIT code; you always had to go through Executable. But often you also had to go through CodeBlock, because ScriptExecutable couldn't have virtual methods, but CodeBlock could. So you'd ask CodeBlock to do something, which would dispatch through a virtual method that would select the appropriate Executable subtype's method. This all meant that the same code would often be duplicated, because most of the work needed to compile something was identical regardless of code type.
But then we tried to fix this, by having templatized helpers in ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find out what happened when you asked for something to be compiled, you'd go on a wild ride that started with CodeBlock, touched upon Executable, and then ricocheted into either ExecutionHarness or JITDriver (likely both).
Another awkwardness was that for concurrent compiles, the DFG::Worklist had super-special inside knowledge of what JITStubs.cpp's cti_optimize would have done once the compilation finished.
Also, most of the DFG JIT drivers assumed that they couldn't install the JITCode into the CodeBlock directly - instead they would return it via a reference, which happened to be a reference to the JITCode pointer in Executable. This was super weird.
Finally, there was no notion of compiling code into a special CodeBlock that wasn't used for handling calls into an Executable. I'd like this for FTL OSR entry.
This patch solves these problems by reducing all of that complexity into just three primitives:
- Executable::newCodeBlock(). This gives you a new code block, either for call or for construct, and either to serve as the baseline code or the optimized code. The new code block is then owned by the caller; Executable doesn't register it anywhere. The new code block has no JITCode and isn't callable, but it has all of the bytecode.
- CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and produces a JITCode, and then installs the JITCode into the CodeBlock. This method takes a JITType, and always compiles with that JIT. If you ask for JITCode::InterpreterThunk then you'll get JITCode that just points to the LLInt entrypoints. Once this returns, it is possible to call into the CodeBlock if you do so manually - but the Executable still won't know about it so JS calls to that Executable will still be routed to whatever CodeBlock is associated with the Executable.
- Executable::installCode(). This takes a CodeBlock and makes it the code-for-entry for that Executable. This involves unlinking the Executable's last CodeBlock, if there was one. This also tells the GC about any effect on memory usage and does a bunch of weird data structure rewiring, since Executable caches some of CodeBlock's fields for the benefit of virtual call fast paths.
This functionality is then wrapped around three convenience methods:
- Executable::prepareForExecution(). If there is no code block for that Executable, then one is created (newCodeBlock()), compiled (CodeBlock::prepareForExecution()) and installed (installCode()).
- CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that can serve as an optimized replacement of the current one.
- CodeBlock::install(). Asks the Executable to install this code block.
This patch allows me to kill *a lot* of code and to remove a lot of specializations for functions vs. not-functions, and a lot of places where we pass around JITCode references and such. ExecutionHarness and JITDriver are both gone. Overall this patch has more red than green.
It also allows me to work on FTL OSR entry and tier-up:
- FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist to do some compilation, but it will require the DFG::Worklist to do something different than what JITStubs.cpp would want, once the compilation finishes. This patch introduces a callback mechanism for that purpose.
- FTL OSR entry: this will involve creating a special auto-jettisoned CodeBlock that is used only for FTL OSR entry. The new set of primitives allows for this: Executable can vend you a fresh new CodeBlock, and you can ask that CodeBlock to compile itself with any JIT of your choosing. Or you can take that CodeBlock and compile it yourself. Previously the act of producing a CodeBlock-for-optimization and the act of compiling code for it were tightly coupled; now you can separate them and you can create such auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
* CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::prepareForExecution): (JSC::CodeBlock::install): (JSC::CodeBlock::newReplacement): (JSC::FunctionCodeBlock::jettisonImpl): (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): * bytecode/CodeBlock.h: (JSC::CodeBlock::hasBaselineJITProfiling): * bytecode/DeferredCompilationCallback.cpp: Added. (JSC::DeferredCompilationCallback::DeferredCompilationCallback): (JSC::DeferredCompilationCallback::~DeferredCompilationCallback): * bytecode/DeferredCompilationCallback.h: Added.
* dfg/DFGDriver.cpp: (JSC::DFG::tryCompile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::finalizeWithoutNotifyingCallback): (JSC::DFG::Plan::finalizeAndNotifyCallback): * dfg/DFGPlan.h: * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: (JSC::Heap::isDeferred): * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Removed. * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Added. (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::create): (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete): * jit/JITToDFGDeferredCompilationCallback.h: Added. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): * llint/LLIntEntrypoints.h: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::newCodeBlockFor): (JSC::ScriptExecutable::newReplacementCodeBlockFor): (JSC::ScriptExecutable::prepareForExecutionImpl): * runtime/Executable.h: (JSC::ScriptExecutable::prepareForExecution): (JSC::FunctionExecutable::jettisonOptimizedCodeFor): * runtime/ExecutionHarness.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
https://bugs.webkit.org/show_bug.cgi?id=119548
commit-queue@webkit.org authored
Refactoring Exception throws.
Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
Reviewed by Geoffrey Garen.
Gardening of exception throws. The act of throwing an exception was being handled in different ways depending on whether the code was running in the LLInt, Baseline JIT, or the DFG JIT. This made development in the vm exception and error objects difficult.
* runtime/VM.cpp: (JSC::appendSourceToError): This function moved from the interpreter into the VM. It views the developer's code (if there is a codeBlock) to extract what was trying to be evaluated when the error occurred.
(JSC::VM::throwException): This function takes in the error object and sets the following:
1: The VM's exception stack
2: The VM's exception
3: Appends extra information on the error message (via appendSourceToError)
4: The error object's line number
5: The error object's column number
6: The error object's sourceURL
7: The error object's stack trace (unless it already exists because the developer created the error object).
(JSC::VM::getExceptionInfo): (JSC::VM::setExceptionInfo): (JSC::VM::clearException): (JSC::clearExceptionStack):
* runtime/VM.h: (JSC::VM::exceptionOffset): (JSC::VM::exception): (JSC::VM::addressOfException): (JSC::VM::exceptionStack): VM exception and exceptionStack are now private data members.
* interpreter/Interpreter.h: (JSC::ClearExceptionScope::ClearExceptionScope): Created this structure to temporarily clear the exception within the VM. This needed to see if additional errors occur when setting the debugger as we are unwinding the stack.
* interpreter/Interpreter.cpp: (JSC::Interpreter::unwind): Removed the code that would try to add error information if it did not exist. All of this functionality has moved into the VM and all error information is set at the time the error occurs.
The rest of these functions reference the new calling convention to throw an error.
* API/APICallbackFunction.h: (JSC::APICallbackFunction::call): * API/JSCallbackConstructor.cpp: (JSC::constructJSCallback): * API/JSCallbackObjectFunctions.h: (JSC::::getOwnPropertySlot): (JSC::::defaultValue): (JSC::::put): (JSC::::putByIndex): (JSC::::deleteProperty): (JSC::::construct): (JSC::::customHasInstance): (JSC::::call): (JSC::::getStaticValue): (JSC::::staticFunctionGetter): (JSC::::callbackGetter): * debugger/Debugger.cpp: (JSC::evaluateInGlobalCallFrame): * debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::evaluate): * dfg/DFGAssemblyHelpers.h: (JSC::DFG::AssemblyHelpers::emitExceptionCheck): * dfg/DFGOperations.cpp: (JSC::DFG::operationPutByValInternal): * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::callCheck): * heap/Heap.cpp: (JSC::Heap::markRoots): * interpreter/CallFrame.h: (JSC::ExecState::clearException): (JSC::ExecState::exception): (JSC::ExecState::hadException): * interpreter/Interpreter.cpp: (JSC::eval): (JSC::loadVarargs): (JSC::stackTraceAsString): (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * interpreter/Interpreter.h: (JSC::ClearExceptionScope::ClearExceptionScope): * jit/JITCode.cpp: (JSC::JITCode::execute): * jit/JITExceptions.cpp: (JSC::genericThrow): * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_catch): * jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTINativeCall): (JSC::JIT::emit_op_catch): * jit/JITStubs.cpp: (JSC::returnToThrowTrampoline): (JSC::throwExceptionFromOpCall): (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): (JSC::putByVal): (JSC::cti_vm_handle_exception): * jit/SlowPathCall.h: (JSC::JITSlowPathCall::call): * jit/ThunkGenerators.cpp: (JSC::nativeForGenerator): * jsc.cpp: (functionRun): (functionLoad): (functionCheckSyntax): * llint/LLIntExceptions.cpp: (JSC::LLInt::doThrow): (JSC::LLInt::returnToThrow): (JSC::LLInt::callToThrow): * llint/LLIntSlowPaths.cpp: 
(JSC::LLInt::LLINT_SLOW_PATH_DECL): * llint/LowLevelInterpreter.cpp: (JSC::CLoop::execute): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: * runtime/ArrayConstructor.cpp: (JSC::constructArrayWithSizeQuirk): * runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL): * runtime/CommonSlowPaths.h: (JSC::CommonSlowPaths::opIn): * runtime/CommonSlowPathsExceptions.cpp: (JSC::CommonSlowPaths::interpreterThrowInCaller): * runtime/Completion.cpp: (JSC::evaluate): * runtime/Error.cpp: (JSC::addErrorInfo): (JSC::throwTypeError): (JSC::throwSyntaxError): * runtime/Error.h: (JSC::throwVMError): * runtime/ExceptionHelpers.cpp: (JSC::throwOutOfMemoryError): (JSC::throwStackOverflowError): (JSC::throwTerminatedExecutionException): * runtime/Executable.cpp: (JSC::EvalExecutable::create): (JSC::FunctionExecutable::produceCodeBlockFor): * runtime/FunctionConstructor.cpp: (JSC::constructFunction): (JSC::constructFunctionSkippingEvalEnabledCheck): * runtime/JSArray.cpp: (JSC::JSArray::defineOwnProperty): (JSC::JSArray::put): (JSC::JSArray::push): * runtime/JSCJSValue.cpp: (JSC::JSValue::toObjectSlowCase): (JSC::JSValue::synthesizePrototype): (JSC::JSValue::putToPrimitive): * runtime/JSFunction.cpp: (JSC::JSFunction::defineOwnProperty): * runtime/JSGenericTypedArrayViewInlines.h: (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): * runtime/JSGlobalObjectFunctions.cpp: (JSC::encode): (JSC::decode): (JSC::globalFuncProtoSetter): * runtime/JSNameScope.cpp: (JSC::JSNameScope::put): * runtime/JSONObject.cpp: (JSC::Stringifier::appendStringifiedValue): (JSC::Walker::walk): * runtime/JSObject.cpp: (JSC::JSObject::put): (JSC::JSObject::defaultValue): (JSC::JSObject::hasInstance): (JSC::JSObject::defaultHasInstance): (JSC::JSObject::defineOwnNonIndexProperty): (JSC::throwTypeError): * runtime/ObjectConstructor.cpp: (JSC::toPropertyDescriptor): * runtime/RegExpConstructor.cpp: (JSC::constructRegExp): * 
runtime/StringObject.cpp: (JSC::StringObject::defineOwnProperty): * runtime/StringRecursionChecker.cpp: (JSC::StringRecursionChecker::throwStackOverflowError): Source/WebCore: https://bugs.webkit.org/show_bug.cgi?id=119548 Refactoring Exception throws. Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28 Reviewed by Geoffrey Garen. Gets column information from the error object for reporting exceptions. * bindings/js/JSDOMBinding.cpp: (WebCore::reportException): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::createScriptCallStackFromException): Moved setting an exception into the vm, These functions changed to use the new functionality. * bindings/js/JSAudioBufferSourceNodeCustom.cpp: (WebCore::JSAudioBufferSourceNode::setBuffer): * bindings/js/JSBiquadFilterNodeCustom.cpp: (WebCore::JSBiquadFilterNode::setType): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.cpp: (WebCore::setDOMException): * bindings/js/JSInjectedScriptHostCustom.cpp: (WebCore::JSInjectedScriptHost::setFunctionVariableValue): * bindings/js/JSJavaScriptCallFrameCustom.cpp: (WebCore::JSJavaScriptCallFrame::evaluate): (WebCore::JSJavaScriptCallFrame::setVariableValue): * bindings/js/JSNodeFilterCondition.cpp: (WebCore::JSNodeFilterCondition::acceptNode): * bindings/js/JSOscillatorNodeCustom.cpp: (WebCore::JSOscillatorNode::setType): * bindings/js/JSPannerNodeCustom.cpp: (WebCore::JSPannerNode::setPanningModel): (WebCore::JSPannerNode::setDistanceModel): * bindings/js/JSSVGLengthCustom.cpp: (WebCore::JSSVGLength::convertToSpecifiedUnits): * bindings/js/JSWebGLRenderingContextCustom.cpp: (WebCore::getObjectParameter): (WebCore::JSWebGLRenderingContext::getAttachedShaders): (WebCore::JSWebGLRenderingContext::getExtension): (WebCore::JSWebGLRenderingContext::getFramebufferAttachmentParameter): (WebCore::JSWebGLRenderingContext::getParameter): (WebCore::JSWebGLRenderingContext::getProgramParameter): 
(WebCore::JSWebGLRenderingContext::getShaderParameter): (WebCore::JSWebGLRenderingContext::getUniform): (WebCore::dataFunctionf): (WebCore::dataFunctioni): (WebCore::dataFunctionMatrix): * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::open): * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneBase::throwStackOverflow): (WebCore::CloneDeserializer::throwValidationError): (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed): * bindings/js/WorkerScriptController.cpp: (WebCore::WorkerScriptController::evaluate): (WebCore::WorkerScriptController::setException): * bridge/c/c_instance.cpp: (JSC::Bindings::CInstance::moveGlobalExceptionToExecState): (JSC::Bindings::CInstance::invokeMethod): (JSC::Bindings::CInstance::invokeDefaultMethod): (JSC::Bindings::CInstance::invokeConstruct): (JSC::Bindings::CInstance::toJSPrimitive): * bridge/objc/objc_instance.mm: (ObjcInstance::invokeMethod): * bridge/objc/objc_runtime.mm: (JSC::Bindings::ObjcArray::setValueAt): (JSC::Bindings::ObjcArray::valueAt): * bridge/objc/objc_utility.mm: (JSC::Bindings::throwError): * bridge/qt/qt_instance.cpp: (JSC::Bindings::QtField::valueFromInstance): (JSC::Bindings::QtField::setValueToInstance): * bridge/runtime_array.cpp: (JSC::RuntimeArray::put): (JSC::RuntimeArray::putByIndex): * bridge/runtime_object.cpp: (JSC::Bindings::RuntimeObject::throwInvalidAccessError): Source/WebKit/mac: https://bugs.webkit.org/show_bug.cgi?id=119548 Refactoring Exception throws. Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28 Reviewed by Geoffrey Garen. Moved setting an exception into the vm, These functions changed to use the new functionality. * Plugins/Hosted/NetscapePluginInstanceProxy.mm: (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState): * Plugins/Hosted/ProxyInstance.mm: (WebKit::ProxyInstance::invokeMethod): Source/WebKit2: https://bugs.webkit.org/show_bug.cgi?id=119548 Refactoring Exception throws. 
Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28 Reviewed by Geoffrey Garen. Moved setting an exception into the vm, These functions changed to use the new functionality. * WebProcess/Plugins/Netscape/JSNPObject.cpp: (WebKit::JSNPObject::callMethod): (WebKit::JSNPObject::callObject): (WebKit::JSNPObject::callConstructor): (WebKit::JSNPObject::throwInvalidAccessError): * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp: (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState): LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=119548 Refactoring Exception throws. Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28 Reviewed by Geoffrey Garen. Column/line information was added into these results. * fast/events/window-onerror4-expected.txt: * fast/js/global-recursion-on-full-stack-expected.txt: fixed a variable name in a case when shouldThrowType failed. * fast/js/mozilla/resources/js-test-pre.js: (shouldThrowType): Sorted the properties to allow the results always show in the same order. * fast/js/script-tests/exception-properties.js: * fast/js/exception-properties-expected.txt: This test needed to be modified to have the line numbers match on the output across wk and wk2. This test is inherently flaky because it relies on size of the available native stack. To account for the flakiness an additional call was made to force the results to match. This patch now records and outputs the line number where the errors were occurring. This was causing the test results to no longer match because of the line numbers. By changing how to account for the flakiness, the results match again. * fast/xmlhttprequest/xmlhttprequest-recursive-sync-event-expected.txt: * fast/xmlhttprequest/xmlhttprequest-recursive-sync-event.html: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154797 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 26 Aug, 2013 5 commits
-
-
mhahnenberg@apple.com authored
JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it https://bugs.webkit.org/show_bug.cgi?id=120278 Reviewed by Geoffrey Garen. Source/JavaScriptCore: * runtime/JSObject.cpp: (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): LayoutTests: * fast/js/put-direct-index-beyond-vector-length-resize-expected.txt: Added. * fast/js/put-direct-index-beyond-vector-length-resize.html: Added. * fast/js/script-tests/put-direct-index-beyond-vector-length-resize.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
Rubber stamped by Mark Hahnenberg. * runtime/Executable.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154632 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mhahnenberg@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120314 Reviewed by Darin Adler. Currently with the way that defineProperty works, we leave a stray low bit set in PropertyDescriptor::m_attributes in the following code: var o = {}; Object.defineProperty(o, 100, {writable:true, enumerable:true, configurable:true, value:"foo"}); This is due to the fact that the lowest non-zero attribute (ReadOnly) is represented as 1 << 1 instead of 1 << 0. We then calculate the default attributes as (DontDelete << 1) - 1, which is 0xF, but only the top three bits mean anything. Even in the case above, the top three bits are set to 0 but the bottom bit remains set, which causes us to think m_attributes is non-zero. Since some of these attributes and their corresponding values are exposed in the JavaScriptCore framework's public C API, it's safer to just change how we calculate the default value, which is where the weirdness was originating from in the first place. * runtime/PropertyDescriptor.cpp: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
weinig@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120260 Reviewed by Darin Adler. Source/JavaScriptCore: Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises. - Despite Promises being defined in the DOM, the implementation is being put in JSC in preparation for the Promises eventually being defined in ECMAScript. * CMakeLists.txt: * DerivedSources.make: * DerivedSources.pri: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: Add new files. * jsc.cpp: Update jsc's GlobalObjectMethodTable to stub out the new QueueTaskToEventLoop callback. This means you can't quite use Promises with the command line tool yet. * interpreter/CallFrame.h: (JSC::ExecState::promisePrototypeTable): (JSC::ExecState::promiseConstructorTable): (JSC::ExecState::promiseResolverPrototypeTable): * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Add supporting code for the new static lookup tables. * runtime/CommonIdentifiers.h: Add 3 new identifiers, "Promise", "PromiseResolver", and "then". * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): Add supporting code Promise and PromiseResolver's constructors and structures. * runtime/JSGlobalObject.h: (JSC::TaskContext::~TaskContext): Add a new callback to the GlobalObjectMethodTable to post a task on the embedder's runloop. (JSC::JSGlobalObject::promisePrototype): (JSC::JSGlobalObject::promiseResolverPrototype): (JSC::JSGlobalObject::promiseStructure): (JSC::JSGlobalObject::promiseResolverStructure): (JSC::JSGlobalObject::promiseCallbackStructure): (JSC::JSGlobalObject::promiseWrapperCallbackStructure): Add supporting code Promise and PromiseResolver's constructors and structures. * runtime/JSPromise.cpp: Added. * runtime/JSPromise.h: Added. * runtime/JSPromiseCallback.cpp: Added. * runtime/JSPromiseCallback.h: Added. * runtime/JSPromiseConstructor.cpp: Added.
* runtime/JSPromiseConstructor.h: Added. * runtime/JSPromisePrototype.cpp: Added. * runtime/JSPromisePrototype.h: Added. * runtime/JSPromiseResolver.cpp: Added. * runtime/JSPromiseResolver.h: Added. * runtime/JSPromiseResolverConstructor.cpp: Added. * runtime/JSPromiseResolverConstructor.h: Added. * runtime/JSPromiseResolverPrototype.cpp: Added. * runtime/JSPromiseResolverPrototype.h: Added. Add Promise implementation. Source/WebCore: Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises. - Despite Promises being defined in the DOM, the implementation is being put in JSC in preparation for the Promises eventually being defined in ECMAScript. Tests: fast/js/Promise-already-fulfilled.html fast/js/Promise-already-rejected.html fast/js/Promise-already-resolved.html fast/js/Promise-catch-in-workers.html fast/js/Promise-catch.html fast/js/Promise-chain.html fast/js/Promise-exception.html fast/js/Promise-fulfill-in-workers.html fast/js/Promise-fulfill.html fast/js/Promise-init-in-workers.html fast/js/Promise-init.html fast/js/Promise-reject-in-workers.html fast/js/Promise-reject.html fast/js/Promise-resolve-chain.html fast/js/Promise-resolve-in-workers.html fast/js/Promise-resolve-with-then-exception.html fast/js/Promise-resolve-with-then-fulfill.html fast/js/Promise-resolve-with-then-reject.html fast/js/Promise-resolve.html fast/js/Promise-simple-fulfill-inside-callback.html fast/js/Promise-simple-fulfill.html fast/js/Promise-simple-in-workers.html fast/js/Promise-simple.html fast/js/Promise-static-fulfill.html fast/js/Promise-static-reject.html fast/js/Promise-static-resolve.html fast/js/Promise-then-in-workers.html fast/js/Promise-then-without-callbacks-in-workers.html fast/js/Promise-then-without-callbacks.html fast/js/Promise-then.html fast/js/Promise-types.html fast/js/Promise.html * GNUmakefile.list.am: * Target.pri: * UseJSC.cmake: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * 
WebCore.xcodeproj/project.pbxproj: * bindings/js/JSBindingsAllInOne.cpp: Add new files. * bindings/js/JSDOMGlobalObjectTask.cpp: Added. (WebCore::JSGlobalObjectCallback::create): (WebCore::JSGlobalObjectCallback::~JSGlobalObjectCallback): (WebCore::JSGlobalObjectCallback::call): (WebCore::JSGlobalObjectCallback::JSGlobalObjectCallback): (WebCore::JSGlobalObjectTask::JSGlobalObjectTask): (WebCore::JSGlobalObjectTask::~JSGlobalObjectTask): (WebCore::JSGlobalObjectTask::performTask): * bindings/js/JSDOMGlobalObjectTask.h: Added. (WebCore::JSGlobalObjectTask::create): Add a new task type to be used with the GlobalObjectMethodTable's new QueueTaskToEventLoop callback. * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::queueTaskToEventLoop): * bindings/js/JSDOMWindowBase.h: Implement the GlobalObjectMethodTable callback, QueueTaskToEventLoop. * bindings/js/JSMainThreadExecState.h: All using JSMainThreadExecState as a simple RAII object. * bindings/js/JSWorkerGlobalScopeBase.cpp: (WebCore::JSWorkerGlobalScopeBase::JSWorkerGlobalScopeBase): (WebCore::JSWorkerGlobalScopeBase::allowsAccessFrom): (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): (WebCore::JSWorkerGlobalScopeBase::supportsRichSourceInfo): (WebCore::JSWorkerGlobalScopeBase::shouldInterruptScript): (WebCore::JSWorkerGlobalScopeBase::javaScriptExperimentsEnabled): (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop): * bindings/js/JSWorkerGlobalScopeBase.h: Add a GlobalObjectMethodTable and implement QueueTaskToEventLoop. Forward the other callbacks to JSGlobalObject so they retain their existing behavior. LayoutTests: Add tests adapted from the Mozilla and Blink projects. * fast/js/Promise-already-fulfilled-expected.txt: Added. * fast/js/Promise-already-fulfilled.html: Added. * fast/js/Promise-already-rejected-expected.txt: Added. * fast/js/Promise-already-rejected.html: Added. * fast/js/Promise-already-resolved-expected.txt: Added. * fast/js/Promise-already-resolved.html: Added. 
* fast/js/Promise-catch-expected.txt: Added. * fast/js/Promise-catch-in-workers-expected.txt: Added. * fast/js/Promise-catch-in-workers.html: Added. * fast/js/Promise-catch.html: Added. * fast/js/Promise-chain-expected.txt: Added. * fast/js/Promise-chain.html: Added. * fast/js/Promise-exception-expected.txt: Added. * fast/js/Promise-exception.html: Added. * fast/js/Promise-expected.txt: Added. * fast/js/Promise-fulfill-expected.txt: Added. * fast/js/Promise-fulfill-in-workers-expected.txt: Added. * fast/js/Promise-fulfill-in-workers.html: Added. * fast/js/Promise-fulfill.html: Added. * fast/js/Promise-init-expected.txt: Added. * fast/js/Promise-init-in-workers-expected.txt: Added. * fast/js/Promise-init-in-workers.html: Added. * fast/js/Promise-init.html: Added. * fast/js/Promise-reject-expected.txt: Added. * fast/js/Promise-reject-in-workers-expected.txt: Added. * fast/js/Promise-reject-in-workers.html: Added. * fast/js/Promise-reject.html: Added. * fast/js/Promise-resolve-chain-expected.txt: Added. * fast/js/Promise-resolve-chain.html: Added. * fast/js/Promise-resolve-expected.txt: Added. * fast/js/Promise-resolve-in-workers-expected.txt: Added. * fast/js/Promise-resolve-in-workers.html: Added. * fast/js/Promise-resolve-with-then-exception-expected.txt: Added. * fast/js/Promise-resolve-with-then-exception.html: Added. * fast/js/Promise-resolve-with-then-fulfill-expected.txt: Added. * fast/js/Promise-resolve-with-then-fulfill.html: Added. * fast/js/Promise-resolve-with-then-reject-expected.txt: Added. * fast/js/Promise-resolve-with-then-reject.html: Added. * fast/js/Promise-resolve.html: Added. * fast/js/Promise-simple-expected.txt: Added. * fast/js/Promise-simple-fulfill-expected.txt: Added. * fast/js/Promise-simple-fulfill-inside-callback-expected.txt: Added. * fast/js/Promise-simple-fulfill-inside-callback.html: Added. * fast/js/Promise-simple-fulfill.html: Added. * fast/js/Promise-simple-in-workers-expected.txt: Added. 
* fast/js/Promise-simple-in-workers.html: Added. * fast/js/Promise-simple.html: Added. * fast/js/Promise-static-fulfill-expected.txt: Added. * fast/js/Promise-static-fulfill.html: Added. * fast/js/Promise-static-reject-expected.txt: Added. * fast/js/Promise-static-reject.html: Added. * fast/js/Promise-static-resolve-expected.txt: Added. * fast/js/Promise-static-resolve.html: Added. * fast/js/Promise-then-expected.txt: Added. * fast/js/Promise-then-in-workers-expected.txt: Added. * fast/js/Promise-then-in-workers.html: Added. * fast/js/Promise-then-without-callbacks-expected.txt: Added. * fast/js/Promise-then-without-callbacks-in-workers-expected.txt: Added. * fast/js/Promise-then-without-callbacks-in-workers.html: Added. * fast/js/Promise-then-without-callbacks.html: Added. * fast/js/Promise-then.html: Added. * fast/js/Promise-types-expected.txt: Added. * fast/js/Promise-types.html: Added. * fast/js/Promise.html: Added. * fast/js/resources/Promise-catch-in-workers.js: Added. * fast/js/resources/Promise-fulfill-in-workers.js: Added. * fast/js/resources/Promise-init-in-workers.js: Added. * fast/js/resources/Promise-reject-in-workers.js: Added. * fast/js/resources/Promise-resolve-in-workers.js: Added. * fast/js/resources/Promise-simple-in-workers.js: Added. * fast/js/resources/Promise-then-in-workers.js: Added. * fast/js/resources/Promise-then-without-callbacks-in-workers.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154629 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
barraclough@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120317 Reviewed by Oliver Hunt. This will call accessors on the JSObject/JSArray prototypes - so adding an accessor or read-only property called index or input to either of these prototypes will result in broken behavior. Source/JavaScriptCore: * runtime/RegExpMatchesArray.cpp: (JSC::RegExpMatchesArray::reifyAllProperties): - put -> putDirect LayoutTests: * fast/regex/lastIndex-expected.txt: * fast/regex/script-tests/lastIndex.js: - Added test git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154612 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 25 Aug, 2013 1 commit
-
-
fpizlo@apple.com authored
FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber() since that attempts int conversions https://bugs.webkit.org/show_bug.cgi?id=120228 Source/JavaScriptCore: Reviewed by Oliver Hunt. It turns out that there were three problems: - Using jsNumber() meant that we were converting doubles to integers and then possibly back again whenever doing a set() between floating point arrays. - Slow-path accesses to double typed arrays were slower than necessary because of the to-int conversion attempt. - The use of JSValue as an intermediate for converting between different types in typedArray.set() resulted in worse code than I had previously expected. This patch solves the problem by using template double-dispatch to ensure that the C++ compiler sees the simplest possible combination of casts between any combination of typed array types, while still preserving JS and typed array conversion semantics. Conversions are done as follows: SourceAdaptor::convertTo<TargetAdaptor>(value) Internally, convertTo() calls one of three possible methods on TargetAdaptor, with one method for each of int32_t, uint32_t, and double. This means that the C++ compiler will at worst see a widening cast to one of those types followed by a narrowing conversion (not necessarily a cast - may have clamping or the JS toInt32() function). This change doesn't just affect typedArray.set(); it also affects slow-path accesses to typed arrays as well. This patch also adds a bunch of new test coverage. This change is a ~50% speed-up on typedArray.set() involving floating point types. 
* GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/GenericTypedArrayView.h: (JSC::GenericTypedArrayView::set): * runtime/JSDataViewPrototype.cpp: (JSC::setData): * runtime/JSGenericTypedArrayView.h: (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): * runtime/JSGenericTypedArrayViewInlines.h: (JSC::::setWithSpecificType): (JSC::::set): * runtime/ToNativeFromValue.h: Added. (JSC::toNativeFromValue): * runtime/TypedArrayAdaptors.h: (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32): (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32): (JSC::IntegralTypedArrayAdaptor::toNativeFromDouble): (JSC::IntegralTypedArrayAdaptor::convertTo): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNativeFromInt32): (JSC::FloatTypedArrayAdaptor::toNativeFromUint32): (JSC::FloatTypedArrayAdaptor::toNativeFromDouble): (JSC::FloatTypedArrayAdaptor::convertTo): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNativeFromInt32): (JSC::Uint8ClampedAdaptor::toNativeFromUint32): (JSC::Uint8ClampedAdaptor::toNativeFromDouble): (JSC::Uint8ClampedAdaptor::convertTo): LayoutTests: Reviewed by Oliver Hunt. Add coverage for three things: - Typed array accesses with corner-case values. - Typed array set() (i.e. copy) between arrays of different types. - Performance of typedArray.set() involving different types. This required some changes to our test harnesses, since they previously couldn't consistently do numerical array comparisons in a reliable way. * fast/js/regress/Float32Array-to-Float64Array-set-expected.txt: Added. * fast/js/regress/Float32Array-to-Float64Array-set.html: Added. * fast/js/regress/Float64Array-to-Int16Array-set-expected.txt: Added. 
* fast/js/regress/Float64Array-to-Int16Array-set.html: Added. * fast/js/regress/Int16Array-to-Int32Array-set-expected.txt: Added. * fast/js/regress/Int16Array-to-Int32Array-set.html: Added. * fast/js/regress/script-tests/Float32Array-to-Float64Array-set.js: Added. * fast/js/regress/script-tests/Float64Array-to-Int16Array-set.js: Added. * fast/js/regress/script-tests/Int16Array-to-Int32Array-set.js: Added. * fast/js/resources/js-test-pre.js: (areNumbersEqual): (areArraysEqual): (isResultCorrect): * fast/js/resources/standalone-pre.js: (areNumbersEqual): (areArraysEqual): (isTypedArray): (isResultCorrect): (stringify): (shouldBe): * fast/js/script-tests/typed-array-access.js: Added. (bitsToString): (bitsToValue): (valueToBits): (roundTrip): * fast/js/script-tests/typed-array-set-different-types.js: Added. (MyRandom): (.reference): (.usingConstruct): * fast/js/typed-array-access-expected.txt: Added. * fast/js/typed-array-access.html: Added. * fast/js/typed-array-set-different-types-expected.txt: Added. * fast/js/typed-array-set-different-types.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 23 Aug, 2013 1 commit
-
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=83818 Source/JavaScriptCore: Reviewed by Oliver Hunt and Mark Hahnenberg. This was so much fun! typedArray.set() is like a memmove on steroids, and I'm not smart enough to figure out optimal versions for *all* of the cases. But I did come up with optimal implementations for most of the cases, and I wrote spec-literal code (i.e. copy via a transfer buffer) for the cases I'm not smart enough to write optimal code for. * runtime/JSArrayBufferView.h: (JSC::JSArrayBufferView::hasArrayBuffer): * runtime/JSArrayBufferViewInlines.h: (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::existingBufferInButterfly): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSGenericTypedArrayView.h: * runtime/JSGenericTypedArrayViewInlines.h: (JSC::::setWithSpecificType): (JSC::::set): (JSC::::existingBuffer): LayoutTests: Reviewed by Oliver Hunt and Mark Hahnenberg. Made it possible for shouldBe() to compare typed arrays to each other and to any array-like object. Added a bunch of tests for different kinds of overlapping typedArray.set()'s. For sanity, also added the reduced test case from the bug. Interestingly, though, that test case already passed on trunk - probably by luck (we had incidentally changed the default copy direction from one that happened to not work to one that happened to be fine, but only for this test). * fast/js/jsc-test-list: * fast/js/resources/js-test-pre.js: (isTypedArray): (isResultCorrect): (stringify): (shouldBe): * fast/js/script-tests/typed-array-copy.js: Added. * fast/js/script-tests/typedarray-set-destination-smaller-than-source.js: Added. * fast/js/script-tests/typedarray-set-overlapping-elements-of-same-size.js: Added. * fast/js/script-tests/typedarray-set-same-type-memmove.js: Added. (arraysEqual): * fast/js/script-tests/typedarray-set-source-smaller-than-destination.js: Added. * fast/js/typed-array-copy-expected.txt: Added. * fast/js/typed-array-copy.html: Added. 
* fast/js/typedarray-set-destination-smaller-than-source-expected.txt: Added. * fast/js/typedarray-set-destination-smaller-than-source.html: Added. * fast/js/typedarray-set-overlapping-elements-of-same-size-expected.txt: Added. * fast/js/typedarray-set-overlapping-elements-of-same-size.html: Added. * fast/js/typedarray-set-same-type-memmove-expected.txt: Added. * fast/js/typedarray-set-same-type-memmove.html: Added. * fast/js/typedarray-set-source-smaller-than-destination-expected.txt: Added. * fast/js/typedarray-set-source-smaller-than-destination.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
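An added differential check, not WebKit code and not one of the layout tests listed above, covering this commit's overlapping `typedArray.set()` cases and the conversion semantics from the 25 Aug commit: the engine's `set()` is compared byte for byte against a spec-literal copy through a transfer buffer on views that share one buffer. All function names, view layouts and values are constructed for the example.

```javascript
// Added example, not WebKit code. Constructed inputs throughout.

// Spec-literal copy: snapshot the source first (the "transfer buffer"), then
// store element by element so the target type's own conversion is applied.
function referenceSet(target, source, offset = 0) {
  if (offset + source.length > target.length) throw new RangeError('source too large');
  const transfer = Array.from(source);
  for (let i = 0; i < transfer.length; i++) target[offset + i] = transfer[i];
}

// 32 deterministic filler bytes, so both copies start from identical memory.
function makeBuffer() {
  return Uint8Array.from({ length: 32 }, (_, i) => (i * 37 + 11) & 0xff).buffer;
}

// Run the engine's set() and the reference on views of one shared buffer and
// compare the resulting bytes. Each view is [constructor, byteOffset, length].
function agreesWithReference([Src, srcOff, srcLen], [Dst, dstOff, dstLen], offset = 0) {
  const a = makeBuffer(), b = makeBuffer();
  new Dst(a, dstOff, dstLen).set(new Src(a, srcOff, srcLen), offset);
  referenceSet(new Dst(b, dstOff, dstLen), new Src(b, srcOff, srcLen), offset);
  const x = new Uint8Array(a), y = new Uint8Array(b);
  return x.every((byte, i) => byte === y[i]);
}

const OVERLAP_CASES = [
  [[Uint8Array, 0, 16], [Uint8Array, 4, 16]],     // same type, destination ahead
  [[Uint8Array, 4, 16], [Uint8Array, 0, 16]],     // same type, destination behind
  [[Uint8Array, 0, 8], [Uint16Array, 0, 8]],      // widening over its own source
  [[Uint16Array, 0, 8], [Uint8Array, 8, 8]],      // narrowing into the source tail
  [[Float32Array, 0, 4], [Int16Array, 8, 8], 2],  // float to int, with an offset
  [[Int16Array, 0, 4], [Float64Array, 0, 4]],     // int to double, same start
];

function runOverlapCases() {
  return OVERLAP_CASES.map(([src, dst, offset]) => agreesWithReference(src, dst, offset));
}

// Conversion between element types on non-overlapping arrays.
function convert(Dst, Src, values) {
  const out = new Dst(values.length);
  out.set(new Src(values));
  return Array.from(out);
}

console.log(runOverlapCases(), convert(Int16Array, Float64Array, [65537.9, -1.5, NaN]));
```

A `false` entry from `runOverlapCases()` identifies a layout where the copy direction read source bytes after they had been overwritten.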
-